The UpGuard Cyber Risk Team can now confirm that a cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.
In the wake of a string of data exposures originating from Pentagon intelligence-gathering agencies, the most recent of which revealed the workings of a massive, worldwide social media surveillance program, the UpGuard Cyber Risk Team can now disclose another. Critical data belonging to the United States Army Intelligence and Security Command (INSCOM), a joint US Army and National Security Agency (NSA) Defense Department command tasked with gathering intelligence for US military and political leaders, leaked onto the public internet, exposing internal data and virtual systems used for classified communications to anyone with an internet connection. With a middling CSTAR cyber risk score of 589 out of a maximum of 950, INSCOM’s web presence provides troubling indications of gaps in their cybersecurity - exemplified by the presence of classified data within this publicly accessible data repository.
The UpGuard Cyber Risk Team can now disclose that Viacom Inc, the Fortune 500 corporation that owns Paramount Pictures, as well as cable channels like MTV, Comedy Central, and Nickelodeon, exposed a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations. Exposed in the leak are a master provisioning server running Puppet, left accessible to the public internet, as well as the credentials needed to build and maintain Viacom servers across the media empire’s many subsidiaries and dozens of brands. Perhaps most damaging among the exposed data are Viacom’s secret cloud keys, an exposure that, in the most damaging circumstances, could put the international media conglomerate’s cloud-based servers in the hands of hackers. Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies.